
January 1st, 2017 is the right moment to look back at the last 12 months and analyze the biggest hacks of 2016. It was certainly the worst year so far for cyber-security, given the staggering number of data breaches that were publicly disclosed.

Shadow Brokers hacked the NSA-linked group Equation Group

Last summer a mysterious hacker group calling themselves the Shadow Brokers broke into the arsenal of the “Equation Group”. In February 2015, security researchers at Kaspersky had revealed the existence of this hacker group, which has been active since 2001 and has targeted practically every industry with sophisticated zero-day malware. Researchers linked the Equation Group to the NSA.

The researchers described the Equation Group as a “threat actor that surpasses anything known regarding complexity and sophistication of techniques.”

The arsenal of the APT group contained sophisticated hacking tools that, according to the experts, required a significant development effort.

The Shadow Brokers tried to sell the hacking tools and exploits in an online auction without success.

YAHOO Data breach

In 2016, security experts discovered two data breaches suffered by Yahoo in 2012 and 2014. The second one, which occurred in fall 2013, is the biggest in terms of sheer magnitude: experts estimated that it impacted one billion accounts. Users’ personal information was compromised, including names, email addresses, phone numbers, birthdays, hashed passwords, and security questions and answers. No financial data was exposed.

Also in 2016, Yahoo confirmed that it had suffered another data breach in 2014, in which state-sponsored hackers accessed 500 million user accounts. The two security breaches are most likely separate incidents.

“Weaponizing” the Internet of Things – The DYN DNS hack

In 2016, we witnessed massive DDoS attacks powered by Internet of Things devices that caused serious problems.

The biggest cyber-attack powered by the Mirai botnet targeted the Dyn DNS service and affected a huge portion of Internet users in the US, cutting off access to major web services, including Twitter, Reddit, Amazon, Netflix, PayPal, Pinterest, Spotify and many others.

The Mirai botnet involved in the attack was composed of IoT devices such as DVRs, routers and CCTV cameras, as confirmed by experts at Flashpoint. Experts believe that roughly 20,000 IoT devices participated in the attack, flooding DNS hosting provider Dyn with traffic.

“Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against security researcher Brian Krebs’ blog “Krebs On Security” and French internet service and hosting provider OVH,” reads the analysis published by Flashpoint. “Mirai malware targets Internet of Things (IoT) devices like routers, digital video records (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks.”

Figure 1 – Mirai botnet attack on Dyn DNS service

OLD breaches shake IT industry … LinkedIn, Tumblr, VK and DropBox.

Many serious hacks that happened in the past were disclosed in 2016. Overall, a billion account credentials fueled the black market.

It is not clear who breached the above companies, or how, but a mysterious character using the online moniker Tessa88 was involved in every case, at least in the sale of the huge trove of data.

Adult Friend Finder data breach

The Adult Friend Finder data breach exposed more than 400 million users. Friend Finder Network, the company that owns AdultFriendFinder and other adult websites, was hacked.

The data breach exposed more than 412 million accounts, 339 million of them from AdultFriendFinder.com, including over 15 million “deleted” accounts that were still present in the database.

A close look at the databases revealed that 62 million records belong to Cams.com and 7 million to Penthouse.com; the remaining records come from other brands of Friend Finder Network.

Almost every account password was cracked, thanks to the company’s poor security practices. Even “deleted” accounts were found in the data leaked after the data breach.

SWIFT Cyber-heists

In 2016, crooks abused the international cross-border payment messaging system SWIFT to steal millions of dollars from banks across the world.

It was the first heist of a long string: in May, the media announced the second and third victims of the SWIFT hackers. Also in May, a fourth bank, in the Philippines, fell victim to the SWIFT hackers, and experts at Symantec confirmed that the malware shares code with tools used by the Lazarus group. In June, experts from the ISACA organization confirmed that the SWIFT hackers had stolen $10 million from a Ukrainian bank through the SWIFT system.


Database of Philippine election voters hacked by Anonymous

In April, hackers belonging to the Anonymous Philippines collective breached the database of the Philippine Commission on Elections (COMELEC). It is the biggest government-related data breach to date: the records of more than 55 million voters were made public online by LulzSec Pilipinas. The archive is full of sensitive data, including personal and passport information and fingerprint data, and unfortunately not all the records were encrypted.

LulzSec Pilipinas released 16 databases from the COMELEC website, for a total of 355 tables.

The data breach occurred a few weeks before the national elections in the Philippines, scheduled for 9 May.

Anonymous Philippines warned COMELEC to improve the security of the vote-counting machines.

Tesco Bank, victim of hackers

In November, Tesco Bank halted all online transactions after a cyber-heist affected roughly 40,000 of its customers.

This attack will go down in history because of the number of customers affected and the emergency measure adopted by the financial institution. The bank confirmed that roughly 9,000 customers had as much as £600 (around $763) stolen from their accounts.

Tesco downplayed the amount of money stolen from customers’ accounts. In any case, the bank will refund all losses and has apologized for the poor customer service received by users who tried to get information by calling the bank over the weekend.

Pierluigi Paganini is CTO at Cybaze Enterprise SpA.
Pierluigi is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, and Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker (EC-Council, London). His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
